In a development that has sent shockwaves through the global AI community, Anthropic, the San Francisco-based artificial intelligence safety company, has formally accused Chinese tech giant Alibaba of systematically extracting proprietary capabilities from its AI systems. The allegation, which comes amid escalating geopolitical tensions over technology transfer, has prompted urgent warnings from British cybersecurity authorities that intellectual property theft is becoming an existential threat to the UK’s nascent AI sector.
According to documents seen by this newspaper, Anthropic’s internal security teams detected unusual patterns of API queries originating from servers traced to Alibaba’s cloud infrastructure. The queries, which bypassed standard rate limits and exploited undocumented features in Anthropic’s language models, are believed to have been part of a coordinated effort to reverse-engineer the company’s constitutional AI training methods. These techniques, which align AI behaviour with human values, are considered a crown jewel of Anthropic’s research.
“This is not industrial espionage as we knew it,” said Julian Vane, Technology & Innovation Lead for a London-based think tank. “We are witnessing the weaponisation of public APIs. The attackers are not stealing code; they are stealing the model’s cognition itself, its very ethical architecture.” Vane, a former Silicon Valley engineer, warned that such extraction could allow foreign actors to bypass years of safety research. “Imagine someone training a lion to be docile, and then another party harvesting that training to create a more efficient predator. That is the scale of the risk.”
Anthropic’s CEO, Dario Amodei, said in a statement that the company had “irrefutable evidence” of the breach and had referred the matter to US federal authorities. Alibaba has denied the allegations, calling them “baseless and motivated by commercial rivalry”. However, a source close to the investigation said that intercepted communications between Alibaba’s AI division referenced “Operation Chimera”, a project explicitly aimed at replicating Anthropic’s safety stack.
The implications for British technology firms are profound. The UK, which has positioned itself as a global hub for responsible AI development, now faces a dual threat: the loss of proprietary research and the erosion of trust in its digital infrastructure. The National Cyber Security Centre (NCSC) has issued a rare “amber” alert to all companies operating frontier AI models, advising them to implement “defensive prompt engineering” and to monitor for “model stealing” behaviour.
“This is a wake-up call for every startup in London’s Silicon Roundabout,” said Vane. “The days of open APIs and trusting your cloud provider are over. We need to treat AI models as state secrets, because that is what they are becoming.” He advocated for a “digital sovereignty” framework, where critical AI capabilities are housed on sovereign hardware, with strict access controls and encrypted inference.
The affair also raises troubling questions about the ethical use of AI. If Alibaba indeed co-opted Anthropic’s safety mechanisms, it could deploy models that appear aligned but harbour hidden adversarial behaviours. “It’s the perfect trojan horse,” Vane noted. “You get the appearance of safety without the underlying commitment. The black mirror effect is real.”
As the story unfolds, investors are reassessing their exposure to Chinese tech firms, while Western AI labs are racing to patch their systems. Anthropic has announced it will release a new “immunisation layer” for its models, designed to detect and degrade extraction attempts. But Vane warns that the cat-and-mouse game has only just begun. “We are in an AI cold war,” he said. “The difference is that the opposition does not need to drop a bomb. They just need to steal the blueprints.”
